<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Concept: Risk</title>
<meta name="uma.type" content="Concept">
<meta name="uma.name" content="risk">
<meta name="uma.presentationName" content="Risk">
<meta name="element_type" content="concept">
<meta name="filetype" content="description">
<meta name="role" content="">
<link rel="StyleSheet" href="./../../../css/default.css" type="text/css">
<script src="./../../../scripts/ContentPageResource.js" type="text/javascript" language="JavaScript"></script><script src="./../../../scripts/ContentPageSection.js" type="text/javascript" language="JavaScript"></script><script src="./../../../scripts/ContentPageSubSection.js" type="text/javascript" language="JavaScript"></script><script src="./../../../scripts/ContentPageToolbar.js" type="text/javascript" language="JavaScript"></script><script src="./../../../scripts/contentPage.js" type="text/javascript" language="JavaScript"></script><script type="text/javascript" language="JavaScript">
					var backPath = './../../../';
					var imgPath = './../../../images/';
					var nodeInfo=null;
					contentPage.preload(imgPath, backPath, nodeInfo,  '', false, false, false);
				</script>
</head>
<body>
<div id="breadcrumbs"></div>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td valign="top"><a name="Top"></a>
<div id="page-guid" value="_0bsLgMlgEdmt3adZL5Dmdw"></div>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr>
<td class="pageTitle" nowrap="true">Concept: Risk</td><td width="100%">
<div align="right" id="contentPageToolbar"></div>
</td><td width="100%" class="expandCollapseLink" align="right"><a name="mainIndex" href="./../../../index.htm"></a><script language="JavaScript" type="text/javascript" src="./../../../scripts/treebrowser.js"></script></td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td class="pageTitleSeparator"><img src="./../../../images/shim.gif" alt="" title="" height="1"></td>
</tr>
</table>
<div class="overview">
<table width="97%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="50"><img src="./../../../images/concept.gif" alt="" title=""></td><td>
<table class="overviewTable" border="0" cellspacing="0" cellpadding="0">
<tr>
<td valign="top">A risk is whatever may stand in the way to success, and is currently unknown or uncertain. Usually, a risk is qualified by the probability of occurrence and the impact in the project, if it occurs.</td>
</tr>
</table>
</td>
</tr>
</table>
</div>
<div class="sectionHeading">Relationships</div>
<div class="sectionContent">
<table class="sectionTable" border="0" cellspacing="0" cellpadding="0">
<tr valign="top">
<th class="sectionTableHeading" scope="row">Related Elements</th><td class="sectionTableCell">
<ul>
<li>
<a href="./../../../practice.mgmt.risk_value_lifecycle.base/guidances/concepts/elaboration_phase_BE880435.html" guid="_2plxwBOMEduCNqgZdt_OaA">Elaboration Phase</a>
</li>
<li>
<a href="./../../../practice.mgmt.iterative_dev.base/tasks/manage_iteration_E4D93A64.html" guid="_8S2aICbYEdqh1LYUOGRh2A">Manage Iteration</a>
</li>
<li>
<a href="./../../../practice.mgmt.risk_value_lifecycle.base/guidances/concepts/project_lifecycle_203F87.html" guid="_nSfVwCNYEdyCq8v2ZO4QcA">Project Lifecycle</a>
</li>
<li>
<a href="./../../../core.mgmt.common.extend_supp/workproducts/risk_list_C4B6F290.html" guid="_Ckay8Cc_EduIsqH1Q6ZuqA">Risk List</a>
</li>
<li>
<a href="./../../../core.mgmt.common.extend_supp/guidances/checklists/risk_list_33460EDD.html" guid="_7BZa0DIdEduDTv4Y1akVTA">Risk List</a>
</li>
<li>
<a href="./../../../core.mgmt.common.extend_supp/guidances/templates/risk_list_33A6AE1E.html" guid="_MIUO0C8FEduzydamRseoUw">Risk List</a>
</li>
</ul>
</td>
</tr>
</table>
</div>
<div class="sectionHeading">Main Description</div>
<div class="sectionContent">
<table class="sectionTable" border="0" cellspacing="0" cellpadding="0">
<tr valign="top">
<td class="sectionTableSingleCell"><h1>
    What is a Risk?
</h1>
<p>
    A risk is an uncertain event or condition that, if it occurs, will have a negative or positive effect on one or more
    project objectives [<a class="elementLinkWithUserText" href="./../../../core.default.nav_view.base/guidances/supportingmaterials/references_C6FF2A8D.html#PMI" guid="__nHToFndEd2EdJKkAyeBng">PMI</a>]. Project risks may be seen as threats or opportunities. The latter means that
    taking a calculated risk may bring, for example, competitive advantage for a product or organization. If there are
    benefits associated with an opportunity, then you can take certain degrees of risk for a project to be successful [<a class="elementLinkWithUserText" href="./../../../core.default.nav_view.base/guidances/supportingmaterials/references_C6FF2A8D.html#SEI99" guid="__nHToFndEd2EdJKkAyeBng">SEI99</a>].
</p>
<p>
    In everyday life a risk is an exposure to loss or injury: A factor, thing, element, or course involving uncertain
    danger. Similarly, in software development a risk is something that can compromise the success of a project. Examples
    of potential sources of risk in software development are listed below (see [<a class="elementLinkWithUserText" href="./../../../core.default.nav_view.base/guidances/supportingmaterials/references_C6FF2A8D.html#SEI99" guid="__nHToFndEd2EdJKkAyeBng">SEI99</a>] for more details):
</p>
<ul>
    <li>
        Requirements
    </li>
    <li>
        Design
    </li>
    <li>
        Development process
    </li>
    <li>
        Work environment
    </li>
    <li>
        Resources
    </li>
    <li>
        Contract
    </li>
    <li>
        Project interdependencies
    </li>
    <li>
        And so on
    </li>
</ul>
<h1>
    Risk Attributes
</h1>
<p>
    You can record as much information as you like or need about your risks. You will find a list of common risk attributes
    following.
</p>
<ul>
    <li>
        <b>Risk Description:</b> A description of the risk detailing the impact for the project if this risk becomes a
        problem (that is, it becomes a reality).
    </li>
    <li>
        <b>Risk Category</b>: Risk identification is usually more easily done when there is a "mental framework" in place
        to ensure that potential areas of risk are not overlooked. One way of doing this is to divide risks into categories
        (such as technical, project management, organizational, and external), to ensure that all aspects of the project
        which are prone to risk are covered.
    </li>
    <li>
        <b>Risk Type:</b> Used to classify the risk as:
    </li>
    <li style="LIST-STYLE-TYPE: none">
        <ul>
            <li>
                <b>Direct risk</b>: A risk that the project has a large degree of control over
            </li>
            <li>
                <b>Indirect risk</b>: A risk with little or no project control
            </li>
        </ul>
    </li>
    <li>
        <b>Risk Probability:</b> How likely the risk event will happen. This is usually represented as a scale of values
        (for example: High, Medium, Low). Probability is one of the most difficult quantities to judge accurately.
    </li>
    <li>
        <b>Risk Impact</b> (level): If this risk becomes a problem, what will the impact on the project be? This is not the
        actual <b>description</b> of the impact, but the <b>level</b> of impact. As the risk probability, it is usually
        represented as a scale. This attribute is also sometimes called the <b>severity</b> of the risk.
    </li>
    <li>
        <b>Risk Magnitude</b>: To be able to rank and define which risks need to be mitigate first, the <b>Risk
        Probability</b> and <b>Risk Impact</b> attributes are often combined in a single <b>Risk</b> <b>Magnitude</b>
        indicator represented as a scale similar to the combined attributes.
    </li>
</ul>
<h1>
    Risk Response Strategies
</h1>
<p>
    The risk response should be in line with the significance of the risk. The strategies for handling risk cover two main
    types: negative risks and positive risks (or opportunities). Common response strategies for negative risks or threats
    include:
</p>
<ul>
    <li>
        <b>Avoid</b>: Reorganize the project so that it cannot be affected by that risk (for example, removing work)
    </li>
    <li>
        <b>Mitigate</b>: Define actions to reduce the probability or the impact of the risk, removing it from the top of
        the list
    </li>
    <li>
        <b>Transfer</b>: Reorganize the project so that someone or something else bears the risk. It simply gives another
        party responsibility for its management. It doesn't eliminate the risk.
    </li>
</ul>
<p>
    Common response strategies for positive risks or opportunities include:
</p>
<ul class="noindent">
    <li>
        <b>Exploit</b>: Add work or reorganize the project to make sure that the opportunity occurs (it is the reverse of
        avoid)
    </li>
    <li>
        <b>Enhance</b>: Define actions to increase the probability or the positive impact of the risk (this is the reverse
        of mitigate)
    </li>
    <li>
        <b>Share</b>: Allocate the ownership of the opportunity to a third party who is best able to capture the
        opportunity for the benefit of the project.
    </li>
</ul>
<p>
    Another response strategy for both threats or opportunities is to <b>Accept</b>: Decide to live with the risk, and
    define a contingency plan.
</p>
<p>
    Some scenarios for software development may help to make these concepts more clear:
</p>
<ul>
    <li>
        You need to use a new framework. A risk avoidance strategy could be to drop this new framework and use another one
        that is already understood by the team.
    </li>
    <li>
        The application you are developing needs to communicate with a legacy system. A risk transfer strategy would be to
        have the legacy support team be responsible for providing the APIs to access the legacy system.
    </li>
    <li>
        You need to use new middleware. A risk mitigation strategy could be to build a prototype using this new middleware
        to validate that it will provide the features you need for your application.
    </li>
    <li>
        Your integrator is the only one who knows how to integrate the different components of your application. A
        contingency plan could be to identify a resource on another project that you could bring on if your integrator is
        sick, leaves the company, and so on.
    </li>
</ul></td>
</tr>
</table>
</div>
<table class="copyright" border="0" cellspacing="0" cellpadding="0">
<tr>
<td class="copyright"><p> This program and the accompanying materials are made available under the<br />
  <a href="http://www.eclipse.org/org/documents/epl-v10.php" target="_blank">Eclipse 
  Public License V1.0</a>, which accompanies this distribution. </p><p/><p> <a class="elementLink" href="./../../../core.default.release_copyright.base/guidances/supportingmaterials/openup_copyright_C3031062.html" guid="_UaGfECcTEduSX6N2jUafGA">OpenUP Copyright</a></p></td>
</tr>
</table>
</td>
</tr>
</table>
</body>
<script type="text/javascript" language="JavaScript">
				contentPage.onload();
			</script>
</html>
